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The security experts from the Massachusetts Institute of Technology (MIT) and CERT Coordination 
Center have identified a serious vulnerability in some of the implementations of the Kerberos 
authentication protocol. This vulnerability was publicly disclosed on Bugtraq. A vulnerability has been 
found in Kerberos 4, and in Kerberos 5 which contains backwards compatibility with Kerberos 4. Intruders 
may gain root access over the network or locally by exploiting this vulnerability. The identified problem 
involves a buffer overrun in the krb_rd_req() function, a function that is essential to Kerberos- 
authenticated services using Kerberos 4. These include: 

MIT Kerberos 5 releases, 

MIT Kerberos 4 releases with Patch 10 and possibly earlier releases, 

KerbNet running Cygnus implementation of Kerberos 5, and 
Cygnus Network Security running Kerberos 4. 

Daemons and services that may use the krb_rd_req() function for authentication are listed below. An 
intruder can remotely or locally exploit any of them to gain root access including: 

Krshd, 

Klogind (if Kerberos 4 authentication is used), 

Telnetd (if Kerberos 4 authentication is used), 

Ftpd (if Kerberos 4 authentication is used), 

Rkinitd, and 
Kpopd. 

Patches are available for the MIT implementation at web.mit.edu/kerberos/www/. 

NIPC advises recipients who use the referenced Kerberos products to consult frequently the CERT 
Coordination Center at www.cert.org and MIT at web.mit.edu/kerberos/www/ for additional information on 
this vulnerability and patches. FBI/NIPC requests recipients immediately report information on any actual 
or attempted use of this exploit to the local FBI office or NIPC Watch and Warning Unit at 202-323- 
3204/05/06. 


